The Pentagon is pausing CMMC phase two requirements for 60 days to review the program and reduce bureaucratic barriers, while keeping existing cybersecurity obligations in place. Officials said the reform effort will seek industry feedback, support small businesses, and preserve strong protections for government information. #CMMC #DepartmentofWar #PeteHegseth
Keypoints
- The Pentagon is suspending CMMC phase two requirements pending a 60-day review.
- Contractors must still comply with phase one requirements and existing information-handling rules.
- A new task force will gather industry feedback and propose scaled-back measures.
- Officials want to reduce compliance burdens on small and nontraditional defense businesses.
- The phased CMMC rollout remains tied to FCI, CUI, NIST 800-171, and future certification stages.